1. Field of Invention
The present invention relates generally to the field of content (e.g., multimedia, audiovisual, data, applications, etc.) delivery over a network. Specifically, in one aspect, the invention relates to the methods and apparatus for enforcing digital rights within a premises network where a variety of devices implementing different security packages may be in communication with one another.
2. Description of Related Technology
Recent advances in digital information processing have made a wide range of services and functions available for delivery to consumers at their premises for very reasonable prices or subscription fees. These services and functions include digital programming (movies, etc.), digital video-on-demand (VOD), personal video recorder (PVR), Internet Protocol television (IPTV), digital media playback and recording, as well high-speed Internet access and IP-based telephony (e.g., VOIP). Other services available to network users include access to and recording of digital music (e.g., MP3 files), as well local area networking (including wire-line and wireless local area networks) for distributing these services throughout the user's premises, and beyond.
Increased deployment of wireless interfaces such as WiFi, WiMAX and Bluetooth have also increased the prevalence and opportunity for ad hoc networking; i.e., substantially spontaneous or flexible network topologies between as few as two different entities.
Currently, many of these services are provided and delivered to the user via a wide variety of different equipment environments including, inter alia, cable modems, WiFi hubs, Ethernet hubs, gateways, switches and routers, computers, servers, cable set-top boxes, PSTNs, cellular telephones/smartphones, PDAs, and portable digital music devices such as the Apple iPod™. Additionally, the services associated with such technology are typically provided by multiple vendors including e.g., a cable service provider (e.g., MSO), cellular service provider (CSP), wireless service provider (WSP), VoIP service provider, music download service, Internet service provider (ISP), PSTN telephone service, etc.
Some improvements in digital service integration have been made over time. For example, cable system subscribers (such as those of the Assignee hereof) can now access VOD, PVR, PPV and broadcast services simultaneously, as well a Internet access via cable modem, and even digital telephony (e.g., VOIP). However, these functions are still substantially disparate in terms of their hardware and software environments (i.e., the user must have a cable modem, set-top box, VoIP telephony unit, PC, etc.), and “cross-over” between the environments (e.g., moving content or data from one environment to the other) is quite limited.
Furthermore, the movement of content delivered by these services within the user's premises (or even outside) is substantially frustrated, largely due to concerns relating to protection of valuable (e.g., copyrighted) content and surreptitious reproduction and distribution. Such unauthorized reproduction and distribution not only detracts from the network operator's revenue and commercial viability, but also that of the content source (e.g., movie studio, recording studio/artist, etc.).
Moreover, the lack of a comprehensive and effective scheme for control of content within the user domain effectively precludes content providers from releasing new content over cable or satellite networks contemporaneous with its availability over retail or rental outlets, due in large part to unauthorized access, reproduction and distribution concerns. Stated simply, new release content availability over cable typically lags that of rental/retail, due in large part to the lack of an effective control mechanism for the content once it is delivered to the user domain.
Accordingly, a number of existing technologies have heretofore been developed employed by network operators in order to attempt to frustrate surreptitious access, copying and distribution of valuable content. These technologies include: (i) conditional access (CA), (ii) encryption, (iii) the establishment of trusted domains (TDs), and (iv) digital rights management (DRM).
Conditional Access
Conditional access (CA) technologies are typically incorporated into content-based networks, such technologies including the digital encoding of various types of data including audio and video programming and music. Conditional access can generally be defined as the control of when and how a user may view and use the associated programming or information. Different types of conditional access may be desirable in a network delivery system in order to, e.g., accommodate improvements in the technology over time, as well as different conditional access attributes such as security and category of programming or user access level.
A variety of traditional methods of conditional access exist including, e.g., “Powerkey”, NDS, and DigiCipher. A generalized conditional access model is also provided by the well-known DVB (Digital Video Broadcasting) Specification TS 101 197 V1.2.1 (02/02), DVB SimulCrypt; Part 1: “Head-end architecture and synchronization”, and TS 103 197 V1.2.1 (02/02): “Head-end Implementation of SimulCrypt”, each incorporated herein by reference in its entirety. These can be implemented using, for example, the so-called “CableCard” plug-in security module access technology (also known as a “a point-of-deployment (POD) module”). See, e.g., the CableCard-Host interface specification, which defines the interface between a digital cable receiver or STB (Host device) and the CableCard device provided by the MSO/cable operator. CableCard was developed to satisfy certain security requirements to allow retail availability of host devices, e.g., set-top boxes, digital cable ready televisions, DVRs, personal computers (PCs), integrated digital televisions, etc., for receiving cable services. The CableCard, comprising a PCMCIA device, can be inserted into a host device, allowing a viewer to receive cable systems' secure digital video services, e.g., pay per view TV, electronic program guides, premium subscription channels, etc.
Specifically, the CableCard contains conditional access functionality, as well as the capability of converting messages to a common format. Thus, the CableCard provides a cable operator with a secure device at the subscriber premises, and acts as a translator so that the host device needs to understand a single protocol, regardless of the type of the network to which it is connected.
Encryption
In many content-based networks (e.g., cable television systems), the client device or consumer premises equipment (CPE) receives, through the cable TV network, programming content which may be encrypted, e.g., in accordance with the data encryption standard (DES) technique or Advanced Encryption Standard (AES), to secure its delivery.
DES is a well-known symmetrical cipher that utilizes a single key for both encryption and decryption of messages. Because the DES algorithm is publicly known, learning the DES key would allow an encrypted message to be read by anyone. As such, both the message sender and receiver must keep the DES key a secret from others. A DES key typically is a sequence of eight bytes, each containing eight bits. To enhance the DES integrity, the DES algorithm may be applied successive times. With this approach, the DES algorithm enciphers and deciphers data, e.g., three times in sequence, using different keys, resulting in a so-called triple DES (3DES) technique.
The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by many entities including the U.S. government. It is used worldwide, as is the case with its predecessor, DES. AES was adopted by National Institute of Standards and Technology (NIST) and was codified as US FIPS PUB 197 in November 20 AES provides a much higher level of encryption than DES or 3DES, and hence is increasingly being integrated into applications where strong protection is desired, including the delivery of content over cable or other content-based networks.
In contrast to the DES or AES techniques, a public key encryption technique, e.g., an RSA technique (named for its developers, Rivest, Shamir, and Adleman), uses two different keys. A first key, referred to as a private key, is kept secret by a user. The other key, referred to as a public key, is available to anyone wishing to communicate with the user in a confidential manner. The two keys uniquely match each other, collectively referred to as a “public key-private key pair.” However, the private key cannot be easily derived from the public key. A party wishing to send a message to the user may utilize the public key to encrypt a message before transmitting it. The user then utilizes the private key to decrypt the message. Conversely, the private key may be used to encrypt a message, in which case the message can subsequently be decrypted with the public key. For example, the keys for the RSA algorithm are mathematically generated, in part, by combining prime numbers. The security of the RSA algorithm, and the like, depends on the use of very large numbers for its keys, which typically are 512 bits long or longer.
“Trusted Domains”
Another related approach for content protection comprises the creation and enforcement of a “trusted domain” or TD. Specifically, such a trusted domain comprises an area (physically or virtually) within which programming or other content is protected from unauthorized access, distribution and copying. For example, in a cable network, a trusted domain may include not only the network portion where programming content traditionally is secured by, and within total control of, a cable operator (including, e.g., the headend, HFC delivery network, etc.,) but also user devices or CPE 106 at subscribers' premises which are capable of receiving and securely storing programming content. Using the trusted domain approach, the network operator can guarantee certain subscriber access, distribution, and usage policy enforcement with respect to content held within the domain. For example, a digital representation of a movie held within an operator's TD (e.g., on a hard drive of a user device) cannot be distributed over the Internet, wireless network, etc. in viewable form, and cannot become a source for duplication of multiple viewable copies.
One exemplary approach of implementing a trusted domain, described in co-owned and co-pending U.S. patent application Ser. No. 11/006,404 filed Dec. 7, 2004 and entitled “Technique For Securely Communicating And Storing Programming Material In A Trusted Domain” (TWC 03-17), which is incorporated herein by reference in its entirety, comprises using two cryptographic elements (e.g., encryption keys), associated with a user and his/her client device(s), respectively, that control access to content stored in the client device(s) within the domain. The trusted domain is preserved with respect to the stored content so long as the content remains encrypted and continues to be managed under the prescribed key management methodology, regardless of which device stores the content. Once the content itself is decrypted, e.g., by a conditional access (CA) mechanism when data is sent from the DVR CPE to a television monitor for display, the decrypted content is no longer within the trusted domain.
Closely related to the concept of a trusted domain is the so-called ASD or “Authorized Service Domain”. ASD is a digital content management technology that is used by cable operators to protect their distributed content. ASD is defined by NGNA and CableLabs, and specifies a protocol for devices to exchange content protection information and/or security packages. These security packages typically pertain to service entitlement packages on the cable network. The security mechanism utilized with the ASD framework is typically tied to the security credentials of a multi-stream CableCard (see discussion of CA above), or secure microprocessor (SM) under the so-called DCAS or Downloadable Conditional Access System paradigm.
Digital Rights Management (DRM)
Another approach used to control the distribution and use of protected content within a content-based network is to employ so-called digital rights management (DRM). For example, Media rights management systems such as the Microsoft Windows® Media Digital Rights Manager (DRM), may be used as well. The Windows® Media Player Version 9 comprises audio and video codecs, the Windows Media Encoder, Windows Media Server, Windows Media Software Development Kit (SDK), Digital Rights Management (DRM) technology, and an extensibility model that allows integration into third-party solutions.
According to one such DRM approach, a digital media or content file is encrypted and locked with a “license key.” The license key is stored in a license file or other data structure which is distributed separately from the media or content. A user can obtain the encrypted media file by, e.g., downloading it from a web site, purchasing it on a physical media, etc. To play the digital media file, the user must first acquire the license file including the license key for that media file. The user acquires the license key by accessing a pre-delivered license (which includes license terms or policies). Alternatively, when the user plays the file for the first time, a procedure is invoked for retrieving the license via a network connection or other delivery mode (e.g., the Internet). After obtaining the license with the license key, the user is able to access the media file according to the rules or rights specified in the license policies.
Another approach to DRM (see, e.g., the RealNetworks “Helix” Platform and Community approach) comprises encrypting a content file (typically performed by the system operator) to create a secured content file, thereby requiring a cryptographic key to access the content in the file. The key is included within a retailer's database, and the secured content file is distributed to users by, e.g., Internet connection or offline distribution of CDs. The retailer itself sets usage rules and policies for licensing the content. A user contacts the retailer's web server, such as via a trusted software client, in order to obtain a license to access the encrypted content. The retailer's web server requests certain rights from the operator's license server, the latter which creates a license containing the key for the requested content file. This license is given to the retailer (e.g. via the web server), which delivers the license to the trusted client of the user. The trusted client retrieves the content file, and uses the received key to access the content.
“Plug and Play” Technologies
A number of different approaches to device data interface are known in the prior art. More recently, so-called “plug and play” technologies have evolved in order to facilitate the ability for a user to connect two or more devices together (including related controllers, or “control points”), and effectively have them be configured appropriately for communication without further user intervention. One of the best known of these technologies is the Universal Plug and Play (UPnP) approach, which comprises a set of protocols that allow devices to connect seamlessly in a peer-to-peer fashion and exchange data, and also to simplify the implementation of networks in the home and enterprise environments. This seamless connectivity is accomplished in large part via use of device control protocols built upon open, Internet-based communication standards such as TCP/IP, UDP and HTTP.
Hallmarks of UPnP include (i) media and device independence, (ii) operating system and programming language independence, and (iii) lack of specific device drivers. UPNP does not constrain the design of application programming interfaces (APIs) for applications running on interface control points. UPNP enables control over device user interface and interaction using a browser, as well as conventional application programmatic control.
The UPNP architecture also supports zero-configuration and automatic discovery, whereby a device can dynamically join a network, obtain an address, announce itself, convey its capabilities upon request, and learn about the presence and capabilities of other devices.
Deficiencies With The Prior Art
Conditional access (CA) paradigms currently in use, such as the aforementioned Powerkey and DigiCipher approaches, are restricted in their scope and not generally extensible beyond the user's set-top box or the equipment used to obtain digital content from a network service. So, for example, the user would generally be prohibited from transferring streamed or downloaded content to their WiFi enabled laptop or PC, or via a USB or FireWire port, since proper conditional access and content protection support does not exist in these devices or by virtue of the interfaces themselves.
Accordingly, content sharing between “authorized” devices is typically performed in the prior art over a vendor-specific or proprietary interface that is specific to a given conditional access system deployed in that network. As previously discussed, the Authorized Service Domain (ASD) sets forth a protocol for devices to exchange content protection information and security packages on, e.g., cable networks. These security packages may pertain, for example, to access or entitlement packages for services on the cable network. However, no mechanism or protocol is provided under the ASD approach (or otherwise) for the protected access and distribution of content on a premises network, especially one serving devices having potentially diverse hardware, software, and security environments.
For example, in a typical home networking environment, content delivered to and stored at the premises (e.g., on a DVR) needs to be delivered to multiple rooms or devices within or associated with the premises. Such “multi-room” DVR or protected content transfer between devices within or associated with the home requires a secure and user-implemented mechanism for exchanging security information. Ultimately, credentials of the devices in the home network have to be verified against a “trusted” device list within the operator network (e.g., at the cable head end) or another authentication node. Using prior art approaches, this has the disability of being overly centralized and hence somewhat inflexible, especially with respect to premises networks which may be both high dynamic in their topology or participants, as well as high heterogeneous in terms of their hardware/software environments, including within the premises network itself (e.g., a WiFi AP may distribute content to a laptop or hand-held computer via a wireless link, or a converged premises device may interface with any number of other devices such as DSTBs, laptops, cable ready televisions, DVRs, etc. using two or more communication media such as indigenous coaxial cable, CAT-5 cabling, wireless, etc.). Hence, premises networks are highly dynamic and often composed of many different types of devices, thereby requiring both a flexible and substantially “universal” mechanism for security information exchange and control/transfer of protected content.
Thus, improved apparatus and methods for facilitating the distribution of digital content within a user premises are needed. Such improved apparatus and methods would ideally operate at the application level (thereby allowing ready implementation on any number of different platforms and environments in a substantially agnostic fashion), and provide users the ability to browse and transfer content between equipment with different vendor's security package implementations.
Such improved apparatus and methods would also preferably be implemented in a manner that is both substantially automated and transparent to the user, and which can leverage the capabilities of existing or planned industry-standard interface technologies such as Universal Plug and Play (UPnP) if desired.